// first 10 minutes

MCP server compromise — quick-start

MCP server compromise — first 10 minutes. rotate credentials, preserve tool definitions before they're overwritten. print this, check boxes, then run the primary tools.

checklist

rotate all credentials the MCP server had access to: API keys, OAuth tokens, service account keys — immediately, before attribution.
preserve the current tool definition manifest (tools.json or equivalent) before any patch or rollback — the tampered definitions are evidence.
export the server's access log and tool-call trace for the incident window — before log rotation.
identify which agent sessions connected to the MCP server during the exposure window — each session is a potential blast-radius vector.
check whether any tool definition was modified to exfiltrate data, call external endpoints, or return false outputs.
identify the vector: leaked server credentials, supply-chain compromise of a dependency, or direct server access.
pull the git history or deployment log for the MCP server — look for unauthorized pushes or config changes.
notify all agent operators who connected sessions during the exposure window — their tool outputs may be corrupted.
audit any action taken by an agent during the exposure window — MCP tool calls may have triggered irreversible side effects (email sent, payment initiated).
begin the primary tool path below — MCP server compromise analyzer.

primary tools

go deeper

methodology →proof · orchid-mcp-server-compromise →case type tools →

// first 10 minutes

MCP server compromise — quick-start

MCP server compromise — first 10 minutes. rotate credentials, preserve tool definitions before they're overwritten. print this, check boxes, then run the primary tools.

checklist

rotate all credentials the MCP server had access to: API keys, OAuth tokens, service account keys — immediately, before attribution.
preserve the current tool definition manifest (tools.json or equivalent) before any patch or rollback — the tampered definitions are evidence.
export the server's access log and tool-call trace for the incident window — before log rotation.
identify which agent sessions connected to the MCP server during the exposure window — each session is a potential blast-radius vector.
check whether any tool definition was modified to exfiltrate data, call external endpoints, or return false outputs.
identify the vector: leaked server credentials, supply-chain compromise of a dependency, or direct server access.
pull the git history or deployment log for the MCP server — look for unauthorized pushes or config changes.
notify all agent operators who connected sessions during the exposure window — their tool outputs may be corrupted.
audit any action taken by an agent during the exposure window — MCP tool calls may have triggered irreversible side effects (email sent, payment initiated).
begin the primary tool path below — MCP server compromise analyzer.

primary tools

go deeper

methodology →proof · orchid-mcp-server-compromise →case type tools →